We’re in the process of onboarding a SCIM 2.0 non-compliant application and were able to aggregate the users/entitlements.
Our application's user SCIM API doesn’t have entitlement data available in the schema, but the entitlement SCIM API has the users' membership.
Looking for options on how to map entitlements with the Application account.
Hi @NeetuDixit
Welcome to SailPoint Developer Community.
If it is non-compliant, then how can you consider it as SCIM?
If the API doesn’t return users including Groups/Entitlement data, then we can work around it with the Group API with OOTB config or customizations, but for that we should use the Web Services connector, not SCIM.
– Krish
Hi @NeetuDixit - Just to be clear, are you talking about ISC Entitlements or SCIM Entitlements? ISC Entitlements can be SCIM Groups, Entitlements or Roles.
Thanks Krishna!!
Actually, the API is returning the users/groups (entitlements) data. It's just that a standard user API also holds the group details, using which we make it an entitlement in the Account Schema.
But with this application, the group API has the user details in the schema, so we are getting this “Memberoff” in the group schema.
Hope I’m able to clarify the requirements.
Referring to SCIM entitlements.
Hi @NeetuDixit - You say SCIM Entitlements, but mention “groups(entitlements)” in the reply above.
I’m going to assume you mean SCIM Groups. Standard behaviour is to update membership on the Groups API, not groups (memberOf) on the Users API. One of the reasons is because a lot of SCIM APIs (like yours) don’t represent groups on the user object. But also because it is the better way to do it - for example, think of AD group members vs AD user memberOf (which is a virtual attribute backlink of group members).
For more info, see Provisioning Settings in:
SCIM Roles and Entitlements work in a different way, but can give you more info if this doesn’t help.
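
The group-side membership model discussed in this thread, as an added example that is not part of any post above and is not SailPoint's code: it inverts SCIM 2.0 Group resources (the RFC 7643 `members` attribute) into a per-user list of groups, the shape a multi-valued group attribute on an account expects. It goes slightly beyond the thread by also resolving nested groups; the sample payload, ids and function name are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: a SCIM 2.0 ListResponse as returned by a /Groups endpoint.
SAMPLE_GROUPS = {
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 3,
    "Resources": [
        {"id": "g1", "displayName": "Admins",
         "members": [{"value": "u1", "type": "User"},
                     {"value": "g2", "type": "Group"}]},
        {"id": "g2", "displayName": "Auditors",
         "members": [{"value": "u2"}, {"value": "u1", "type": "User"}]},
        {"id": "g3", "displayName": "Empty"},  # no members attribute at all
    ],
}

def invert_group_membership(list_response, expand_nested=True):
    """Return {user_id: sorted list of group ids} derived from Group.members."""
    groups = {g["id"]: g for g in list_response.get("Resources", [])}
    direct = defaultdict(set)   # user id -> groups that list the user directly
    parents = defaultdict(set)  # group id -> groups that contain that group
    for gid, group in groups.items():
        for m in group.get("members") or []:
            # 'type' is optional in RFC 7643; fall back to the known group ids.
            is_group = m.get("type") == "Group" or (
                "type" not in m and m["value"] in groups)
            (parents if is_group else direct)[m["value"]].add(gid)

    def ancestors(gid, seen):
        # Walk up nested groups; 'seen' guards against membership cycles.
        for p in parents.get(gid, ()):
            if p not in seen:
                seen.add(p)
                ancestors(p, seen)
        return seen

    result = {}
    for uid, gids in direct.items():
        effective = set(gids)
        if expand_nested:
            for gid in gids:
                ancestors(gid, effective)
        result[uid] = sorted(effective)
    return result
```

With `expand_nested=True` a user picks up access inherited through nested groups, which is the view an access review needs; with `False` the result mirrors only what each group lists directly.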